How to disable Restricted Area window?

Posted February 20, 2014 49.3k views
I installed WordPress following the article "One-click WordPress installation on Ubuntu 13.10". After that, I login in to Restricted Area window with username and password, which are located in /root/WORDPRESS (wp-admin/ folder is protected by Apache's .htaccess.) But now, when I visit my site this message is showing every time. On every page. How to disable it? Thanks.
  • Thanks alot
    It is working fine for my website

  • Can anyone please translate this to something an average user could understand? I’m sorry but I do not have a background in CS and I just can’t understand what you guys are talking about. :(

    I installed a new plugin on wordpress (hosted in DigitalOcean using one-click) and I don’t really have a problem with the additional server password. But after I installed this plugin called floating social bar, the password prompt appears on every page. I’ve been told I could just add the admin ajax php on whitelist? But I really don’t understand. I tried installing putty but I feel like a monkey on a rocketship.

    Can someone please help. Thank you!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
17 answers

From the main tutorial, One-Click Install WordPress on Ubuntu 14.04 with DigitalOcean:

To remove the additional password prompt, you’ll need to log into your VPS instance through SSH.... Once logged in, you need to update the main Apache configuration file. Open it as root with your text editor:

nano /etc/apache2/apache2.conf

Inside, you need to find the section that deals with the “/wp-admin/” section. It should look like this

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Please login to your droplet via SSH for login details."
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user

This entire section can be commented out by placing the “#” character before each line, like this:

#<DirectoryMatch ^.*/wp-admin/>
#    AuthType Basic
#    AuthName "Please login to your droplet via SSH for login details."
#    AuthUserFile /etc/apache2/.htpasswd
#    Require valid-user

Once this is complete, you can restart Apache for your new changes to take affect.

service apache2 restart

This should remove the additional password prompt from the administrative areas, which is usually okay since WordPress itself can handle authentication.

  • It seems that none of us read the tutorials :P.

    Thanks !

  • I only want to leave** restricted-area** when trying to log in, can anyone help? before I was only there, but then was requesting to access any part of the blog. Thank you.

  • @gilsoninacio: To limit the HTTP authentication to /wp-login.php only, use the following configuration instead:

    <DirectoryMatch /var/www>
        <Files wp-login.php>
            AuthType Basic
            AuthName "Restricted Area"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user

    Make sure you replace /var/www with the correct path to your Wordpress installation.

  • Perfect! Exactly what I needed thank you.

Yes, wish I knew this too. In addition How to change user and pass. would be helpful too.

There is no .htaccess in /wp-admin/ either. I spent a half-hour looking around with an ftp client. Found just about everything else!!

I emailed Tech support and received the standard "we don't handle....' response. Clearly they kindly and graciously did handle the WP/Ubuntu13 install!

Anyways, hope someone responds soon. Thank you.
I think it's in /etc/apache2/apache2.conf
What if we have users needing to login - to post e.g.?

What was the idea to circumvent them having to bypass the folder security?
What happens if I delete /etc/apache2/apache2.conf? Does the DO WP/Ubuntu install then become a 'standard' Apache/WP install?

Or, what lines do I need to comment out for a 'standard' wproot\.htaccess to run the show?

All I want is for my WP/Ubuntu site to take directives from the /wp root/.htaccess. I am wasting so much time with DO's http auth..

I have the same problem ! login window displays on any page, every times for unloved users…
is someone found an issue about this ?
Kamal, what do we have to change in apache2.conf?
@n.muenzner: Can you pastebin apache2.conf's contents? I haven't actually spun up a Wordpress droplet after the image was updated but it should be something like this:
<Location -

AuthType Basic

Comment out the whole block by adding "#" to the beginning of each line and then restart Apache. Does that work?
I think that we have to remove this code from the file:

AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

I did it via WINSCP (sftp) and I had to reboot the droplet (sudo reboot).

I was so happy it worked, because I know nothing about Linux and stuff.
1. sudo nano /etc/apache2/apache2.conf
2. Hit ctrl-w and search for 'wp-admin'
3. Remove these lines

AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

4. Hit ctrl-o to write the changes to the file
5. Hit ctrl-x to exit, and then hit 'y' to save the changes.
6. service apache2 restart to restart your server and the folder should now be accessible.
Previous 1 2 Next